nhs rotherham clinical commissioning group body papers... · page 1 of 6 nhs rotherham clinical...

of 6

NHS Rotherham Clinical Commissioning Group

Operational Executive – 13th and 20th February 2017

Strategic Clinical Executive (for info) – 8th March 2017

GP Members Committee (GPMC) – Date

Clinical Commissioning Group Governing Body - 1st March 2017, 5th April 2017

Audit & Quality Assurance Committee – 17th March 2017

Risk Management System

Lead Executive: Chris Edwards – Chief Officer

Lead Officer: Ruth Nutbrown – Assistant Chief Officer

Lead GP: Richard Cullen – SCE GP – Governance Lead

Purpose:

To update the new Risk Management System (RMS) for Governing Body.

Background:

Further to discussion at the January Confidential Governing Body meeting regarding the

review of the CCG’s Risk Management System, a new risk management system has now been developed and implemented.

The new risk management system includes a risk management framework incorporating the risk management policy and procedural documents, as well as a newly designed Governing Body Assurance Framework (GBAF), Risk Register (RR) and introduction of an Issues Log (IL).

The Risk Management system was initially approved by Governing Body on the 1st March

2017. It has since been updated following organisational change and presentation at AQuA for re-approval.

Analysis of key issues and of risks

The risk management framework has been radically updated, in line with the new GBAF, and RR, with the CCG’s strategic objectives being included, as well as an updated risk matrix, risk appetite statement, and new templates for the GBAF, RR and IL.

For assurance the process followed transposed the entries on the original documents to the new documents, the risks were updated, re-written or retired. No risks were “lost” during the process. Appendix 1 Maps the migration from the old documents to the new.

The risk appetite linking to the strategic objectives was agreed during the governing body development session on the 1st March, this has now been updated within the policy presented today. Appendix 2 shows the minutes of the Governing Body development session.

Internal Audit are currently reviewing the RMS, and have (at the time of writing) suggested one amendment to the GBAF.

of 6

With reference to internal and external assurances there are no implementation dates to

act as a trigger for AQuA and GB to seek assurance when dates have passed to call

officers to account

This will be discussed at OE, prior to being re-presented at GB in April.

Not having an updated Risk Management Framework, Policy and Procedural document updated as part of the review of the RMS may lead to a reduced internal audit assurance statement at year end.

As per the structure review the responsibilities for Risk Management moves from the Deputy Chief Officer to the Chief Officer so the policy has been altered due to the post April structure review to take this into account.

The new system is still in development, with discussions at OE around the number of AF risks per strategic objective, as some objectives contain more than one issue. As the system matures, and embeds this may change.

The suggested reporting on the new system is as follows: Issues Log – bi monthly to OE Risk Register – every 2 months to OE and to every other AQuA meeting GBAF – to every other AQuA meeting and bi-annually to GB Following representation to GB in April, the policy is expected to be formally adopted and communicated to staff, via email and the Senior Management team Meeting. A “spotlight” session at a forthcoming staff meeting will introduce the new documentation and raise awareness of the new system to all staff.

Patient, Public and Stakeholder Involvement:

OE members and Risk Owners have been consulted in the development of all the documents.

Equality Impact:

N/A

Financial Implications:

N/A

Human Resource Implications:

N/A

Procurement:

N/A

Approval history:

OE, GB, AQuA

Recommendations:

Governing Body is asked to note the changes to the CCG’s Risk Management System, following changes to the staffing structure.

Governing Body is asked to ratify the Risk Management System.

of 6

Appendix 1 Migration of GBAF and RR to new format

Ref Principle Risk Lead person Action Reference

(Risk Register / Issues Log / GBAF)

073 Adverse impact on patient care due to challenges at TRFT evidenced by: leadership change, liquidity pressures and unresolved EPR implementation issues.

Ian Atkinson Meeting with Ian Atkinson 28.11.16 - Closed

N/A

033 Failure to deliver planned efficiency savings in Planned Care

Ian Atkinson Meeting with Ian Atkinson 28.11.16 - Closed, new entry on issues log

IL3 & GBAF Objective 1

031 Failure to deliver planned efficiency savings in unscheduled care

Keely Firth Ian Atkinson Dominic Blaydon

Meeting with Keely Firth 05.01.17 - Reworded and included on issues log for (2016/17) & Risk Register thereafter

IL3 & RR7 & GBAF Objective 2

085 Failure of YAS to achieve RED 1 8 minute Target 2014/15 at CCG level and Yorkshire & Humber wide. The position (Roth CCG) as at Oct is 65.73% against a target of 75%.

Claire Smith Meeting with Claire Smith 02.02.17 - Included on issues log

IL5 & GBAF Objectives1/3

066 Subcontracted Commissioning services with CSU/LPF provider fail to deliver outcomes as a result on CSU not being on lead provider framework


N/A

065 Failure to meet A&E targets Sarah Lever Reworded and included on Risk Register 2016/17, Issues Log thereafter

RR14 & IL4 & GBAF Objectives1/3

104 Impact of changes to primary care support England from NHS to Capita contract

Jacqui Tufnell Meeting with Jacqui Tufnell 29.11.16 - Include on issues log


102 Inability to deliver CAMHS reconfiguration in a timely manner

Nigel Parkes Meeting with Nigel Parkes 14.02.17 - Closed

N/A

099 Failure to deliver the National IAPT waiting times standards A. 75% of people seen within 6 weeks B. 95% of people seen within 18 weeks

Kate Tufnell Meeting with KateTufnell 14.02.17 - Included on issue log

IL7 & GBAF Objectives 1

079 Impact of other commissioners efficiency plans on CCG core business.


N/A

069 Financial viability of key acute provider TRFT Keely Firth Meeting with Keely Firth 05.01.17 - Reworded and included on risk register

RR8

037 Delivery of corporate/running costs savings whilst taking on new services and hosting shared services has a negative impact on corporate performance

Keely Firth Meeting with Keely Firth 05.01.17 - Reworded and included on risk register

RR9

008 Financial allocations reduced by Government. Review of Allocations by NHS England

Keely Firth Meeting with Keely Firth 05.01.17 - Closed

N/A

096 Equipment provided by RCCG via IFR/CHC - failure to have a procurement service to ensure cost effectiveness and service that ensures that the

Alun Windle Meeting with Alun Windle 28.11.16 - Included on issues Log


of 6



purchased equipment has a record of maintained and safety.

097 Failure to meet the National cut-off date of 1st March 2017 for Previously Unassessed Periods of Care (PUPoC) - previously known as CHC Retrospective Claims

Alun Windle Meeting with Alun Windle 28.11.16 -Reworded and included on risk register

RR1

093 Collaborative commissioning of specialised services

Jacqui Tufnell Meeting with Jacqui Tufnell 29.11.16 - Reworded and included on risk register

RR2

071 Impacts on quality and safety of the cost improvement plans of our key providers

Ian Atkinson Sue Cassin

Meeting with Ian Atkinson 28.11.16 - Closed

N/A

105 NHS RCCG reputation as responsible commissioner for Children in Care - not having initial health assessments within statutory framework

Sue Cassin Catherine Hall

Reworded and included on risk register & Governing Body Assurance Framework

RR5 & GBAF objective 3

015 Not maintaining accessible and responsive high quality primary care (current concerns are due to overall GP capacity)


RR3

080 Reduction in resources through introduction of Better Care Fund

Keely Firth Meeting with Keely Firth 05.01.17 - Closed and replaced with a new risk

RR10

027 Failure to improve Child and Adolescent Mental Health Services (CAMHS)

Nigel Parkes Meeting with Nigel Parkes 14.02.17 - Reworded and included on risk register

RR19

029 Failure to deliver affordable prescribing trajectories

Ian Atkinson Stuart Lakin

Meeting with Ian Atkinson 28.11.16 - Reworded and included on issues log


005 Insufficient funds to finance objectives on a recurrent basis


RR11

101 Delivery of the CAMHS Local Transformation Plan (LTP)

Nigel Parkes Meeting with Nigel Parkes 14.02.17 - Closed

N/A

003 Quality of Commissioned Services AF 09 now incorporates AF05

Sue Cassin Sarah Lever Kate Tufnell J Tufnell Alun Windle Dawn Anderson

Included on risk register RR23 & GBAF Objective 1

095 CQC inspection of GP practices leading to less than 'good' rating

S Cassin J Tufnell

Reworded and included on risk register

RR6 & GBAF Objective 1

053 Reduced workforce capacity and capability to deliver projects and QIPP


N/A

004 Overspend due to high costs of individual patients of continuing care


RR12

083 Child Sexual Exploitation (CSE) - RMBC may not be able to effectively work with NHSR CCG to deliver the partnership agenda as there resources will be targeted to dealing with CSE.

Chris Edwards Meeting with Chris Edwards 31.01.17 - Reworded and included on risk register

RR17

100 Patient safety and financial implication of a Ian Atkinson Meeting with Ian Atkinson 28.11.16 - N/A

of 6



complex patient transferred from NHS England Commissioning responsibility in November 2015

Kate Tufnell Closed

091 Financial risk to the CCG arising from it's duties under developing case law regarding potential Deprivation of Liberties (DoLS)

Keely Firth Meeting with Keely Firth 05.01.17 - Included on issues Log

IL6 & GBAF Objectives 3

072 Impact of NHS 111 on the local health community. Specifically potential for increase in number of patients being referred to A&E / 999 note that the elements of the risk scored through are now mitigated

Claire Smith Meeting with Claire Smith 02.02.17 - Included on Risk register

RR18

089 Failure to deliver against the Public Health Memorandum of Understanding

Ruth Nutbrown Closed N/A

078 NHS England unable to locate CAMHS Tier 4 Bed. As a result RDaSH are placing under 18's with Rotherham's Adult beds - Risk Children in adult beds. Adult beds occupied (currently CCG not charging) could result in CCG having to fund out of area bed for Adult. (Emergency Issue)

Kate Tufnell Nigel Parkes

Meeting with KateTufnell 14.02.17 - Included on issues log

IL8 & GBAF Objectives1

076 Financial pressure due to rebasing of ambulance costs across Y&H


RR13

075 Payment approaches for Mental Health for Older People & Adults (Potential increase in costs for services to the CCG due to transfer from block contract to a PbR type mechanism)

Ian Atkinson Nigel Parkes


N/A

092 Impact of PMS/MPIG changes on the stability of practices


RR4

106 Failure to effectively adhere to the revised statutory Conflict of Interest Guidance for CCG's ` which could lead to confidence in the probity of commissioning decisions and the integrity of officers and others to be seriously undermined.

Ruth Nutbrown John Barber

Closed N/A

054 Failure of CCG IT Systems Ian Atkinson Andrew Clayton


N/A

of 6

Appendix 2

GP Development Session

Risk Appetite

1st

March 2017

Introduction by Ruth Nutbrown, including a definition of Risk Appetite. The Risk Matrix currently describes RCCGs Risk Appetite at 11 i.e. Medium = Minimal Preference for ultra-safe options that are low risk and only have potential for limited reward. The members were asked to consider if this overall score is correct. Each of the CCG’s objectives were introduced as follows: Objective 1 Quality – improving safety, patient experience and outcomes and reducing variations…was introduced to the floor with examples taken from the current Risk Register. Discussion ensued which was followed by a Chief Officer proposal to change the current 11 to 12, this was agreed by members. A score of 12 = HIGH Cautious - Preference for safe options that have a low degree of risk and may only have limited potential for reward. Objective 2 Delivery – leading system wide efficiency programmes that consistently achieve measureable improvements whilst meeting our financial targets...was introduced to the floor with examples taken from the current Risk Register and issues log. Discussion took place. It was proposed and agreed that this objective be raised to 15. A score of 15 = HIGH Cautious - Preference for safe options that have a low degree of risk and may only have limited potential for reward Objective 3 Assurance – having robust internal constitutional and governance arrangements, ensuring that provider services are safe and ensuring vulnerable people have effective safeguarding… was introduced with explanation that this was in essence three separate objectives which in the future would perhaps be separated. It was further explained that the third element of this objective also appears as a standalone in objective 4. Discussion took place and it was agreed that the risk appetite of 11 should remain. A score of 11 = MEDIUM = Minimal - Preference for ultra-safe options that are low risk and only have potential for limited reward. Objective 4 Safeguarding – ensuring all children and vulnerable adults are protected from harm, including implementing all actions on Child Sexual Exploitation from the Jay and Casey report…Discussion ensued and it was decided that this objective be rescored as 10. A score of 10 = MEDIUM - Minimal Preference for ultra-safe options that are low risk and only have potential for limited reward. The Chief Officer suggested that the current position be reviewed in 6 months’ time and that we should compare ourselves with other CCGs.

`

Title: Rotherham CCG – Integrated Risk Management Framework – Policy & Procedure

Reference No: 007/Corporate Owner: Operational Executive Author: Ruth Nutbrown, Assistant Chief Officer First Issued On: June 2012 v1.0 (as a CCG Policy) Latest Issue Date: June 2012 v1.0 Operational Date: 1 July 2012 v1.0 Date Reviewed: September 2013 v1.1 Date Reviewed: January 2015 v2.1 Date Reviewed: February 2017 V2 Review Date January 2020 Consultation Process:

Ratified and Approved by: Distribution: All staff and GP members of the CCG. All other staff

working at Oak House for the CCG (CSU staff). Compliance: Mandatory for all permanent & temporary employees

of Rotherham CCG. Equality & Diversity Statement: An Equality Impact Assessment has been completed

and the policy has been assessed as having no negative impact

2

C o n t e n t s

Section Definitions

Page

3

Policy

1 Introduction 5

2 Policy Statement, Aims and Objectives 5

3 Accountabilities for Risk Management 6

4 Risk Management Framework 10

5 Open and Fair Culture 11

6 Training and Support 11

7 Consultation and Communication with stakeholders 12

8 Monitoring the effectiveness of this Policy 12

9 Review and Revision of the Policy 12

10 Dissemination and Implementation 12

11 Equality and Diversity 12

12 Associated CCG documents 13

Procedure

13 The Risk Management Process 14

14 Risk Identification 14

15 Assess the Risk 14

16 Evaluation of Risk 15

17 Risk Appetite and Unacceptable Risk 15

18 Risk Assurance/Control 17

19 Record the Risk 18

20 Review the Risk 19

21 Information Risk Management 20

22 Embedding Risk Management 21

Appendices

A Risk Register Template

B GBAF Template

C Structure for Risk Management

D Risk Matrix

E Generic Risk Assessment Template

3

Definitions Assurance: Confidence, based on sufficient robust evidence, that internal controls are in place, operating effectively and objectives are being achieved e.g. internal and external audits and reviews. Clinical Risk: Identified and managed in accordance with HSC1999/065 ’Clinical Governance in the new NHS’. Clinical risk can be defined as direct risks relating to the care of the patient and the standards of care received on the patients’ journey. Issues that can have an impact on the standard of clinical care received include patient safety, safeguarding, consent issues, patient research studies, infection prevention & control, medicines management, clinical audit, and ensuring that there are sufficient staffing levels and that these staff are appropriately trained. Control: The measures and systems which are in place to control a risk and reduce its likelihood of occurring. Controls can be preventative, detective or directive. Effective control provides a reasonable assurance that the organisation will achieve its objectives reliably, and enables it to respond to significant operational, financial and compliance risks. Environmental Risk is defined as risks associated with organisational actions which may have an impact upon the environment. Financial Risk is managed in accordance with the codes of Resource Accounting and Budgeting, supported by Standing Orders, Standing Financial Instructions and appropriate risk management plans. Financial risk can be defined as risks that will threaten the effective financial controls, including the systems to maintain proper accounting records. It is important that the organisation is not exposed to avoidable financial risk and that financial information used within NHS Rotherham CCG and for external publication is reliable. Governing Body Assurance Framework: A structure/document within which the Governing Body identify the risks to the organisation meeting its strategic objectives and map out both the key controls in place to manage them, how they have gained sufficient assurance about their effectiveness and identify any gaps in controls or assurances. Hazard: A potential source of risk e.g. damage or harm Information Risk is inherent in all activities and an information risk assurance process is set out as a requirement of the Information Governance Toolkit. Information risk management seeks to identify and control information risks in relation to business processes and functions and is led by the Senior Information Risk Owner (SIRO). Integrated risk management: A process through which organisations identify, assess, analyse and manage all risks and incidents for every level of the organisation and aggregate the results at a corporate level e.g. patient safety, health and safety, complaints, litigation and other risks Issue: is a present problem or concern affecting the organisation. A risk can become an issue, but an issue is not risk – it is already happening. There is a separate Issues Log which the CCG uses to manage issues. Operational Risk is defined as risks which affect the achievement of local objectives. Operational risks are captured on the organisation’s Risk Register. Organisational / Corporate Risk is defined as risks relating to the business of the organisation such as communication, provision of goods and services, data protection, information systems, human resources, and risks that threaten the achievement of the organisation’s objectives. It also includes risks relating to the delivery of the organisation’s delivery plans and efficiency programme.

4

Reputational Risk is defined as risks which affect public and stakeholder perception of the organisation. Risk: The combination of likelihood and consequence of hazards being realised, resulting in some form of loss or damage. The possibility that objectives will not be achieved. Risk Analysis: The systematic use of information to identify hazards and to estimate risk Risk Appetite: The amount and type of risk that an organisation is willing to take in order to meet their strategic objectives. Risk assessment: A process of identifying the hazards in a workplace or system so as to effectively eliminate or adequately control the risks. Risk Management: A process that enables organisations to identify, analyse, control and monitor risks. By doing this we can protect our patients, visitors, contractors and employees. Risk Matrix (Risk evaluation/scoring system): Tool used to help estimate Likelihood x Consequence resulting in an overall risk score. Strategic Objective: An overall goal of the organisation System of Internal Control: A system, maintained by the Governing Body, that supports the achievement of the organisation’s objectives. This should be based on an on-going risk management process that is designed to identify the risks to the organisation’s strategic objectives, to evaluate the nature and extent of those risks, and to manage them efficiently, effectively and economically Strategic Risk is defined as risks which affect the achievement of the organisation’s strategic objectives. Strategic risks are captured on the organisation’s Assurance Framework.

5

1 Introduction 1.1 NHS Rotherham Clinical Commissioning Group (CCG) has a responsibility to ensure that

the organisation is properly governed in accordance with best practice corporate, clinical and financial governance. Every activity that the CCG undertakes or commissions others to undertake on its behalf, brings with it some element of risk that has the potential to threaten or prevent the organisation achieving its objectives.

1.2 This Integrated Risk Management Framework (policy and procedure) provides the

framework that enables the organisation to have a clear view of the risks affecting each area of its activity; that may prevent it from achieving its objectives, and how those risks are being managed. This document sets out the framework for the identification and management of risk within the CCG.

1.3 This policy is intended for use by all directly employed and agency staff and contractors

engaged on CCG business in respect of any aspect of that work, including clinicians and others paid by the CCG, whether employed or otherwise funded, directly employed staff, and staff managed by the Commissioning Support Unit.

2 Policy Statement, Aims & Objectives 2.1 The CCG Governing Body recognises that robust risk management and assurance is an

integral part of its governance responsibilities and is committed to the management of risk throughout all its activities.

2.2 The Governing Body is committed to ensuring that risk management forms an integral part

of its philosophy, practices and business plans rather than viewed or practised as a separate programme, and that responsibility for implementation is accepted at all levels of the organisation.

2.3 The purpose of this Integrated Risk Management Framework is:

• To encourage a culture where risk management is viewed by the CCG and staff, including the Strategic Clinical Executive, as an essential process of the CCG’s activity.

• To ensure structures and processes are in place to support the assessment and management of risks throughout the CCG.

• To assure the public, patients and their carers and representatives, staff and partner organisations that the CCG is committed to managing risk appropriately.

2.4 The Governing Body aims to take all reasonable steps in the management of risk with the overall objective of protecting patients, staff, and publically funded resources and assets by recognising, preparing for or avoiding events or inactions, which could have a negative impact; making the organisation more effective and meeting national objectives and the local corporate, clinical and financial governance core objectives.

2.5 The aim of this policy is to ensure that all significant risks associated with the business of

NHS Rotherham CCG are identified, assessed, evaluated, recorded, reviewed, managed appropriately and effectively and reduced to the minimum practicable level. In order to achieve this, it is necessary to:

• Define a coordinated approach for the management of risk across all its activities. • Satisfy all statutory and mandatory duties. • Promote safe working practices aimed at the reduction or elimination of risk, as far as is

reasonably practicable. • Raise awareness of risk and its management through a programme of communication,

education and training.

6

2.6 The Governing Body’s objectives for managing information risk are to:

• Protect the CCG, its staff and its patients from information risks where the likelihood of occurrence and the consequences are significant. See appendix A.

• Provide a consistent risk management framework in which information risks will be identified, considered and addressed in key approval, review and control processes

• Encourage pro-active rather than re-active risk management • Provide assistance to and improve the quality of decision making throughout the CCG • Meet legal or statutory requirements • Assist in safeguarding the CCG’s information assets.

3 Accountabilities & Responsibilities for Risk Management 3.1 NHS Rotherham CCG Governing Body 3.1.1 The Governing Body is accountable for the performance management of NHS Rotherham

CCG’s Integrated Risk Management Framework Policy & Procedure and systems of clinical, financial and organisational control, and oversees the overall system of risk management and assurance to satisfy itself that NHS Rotherham CCG is fulfilling its organisational responsibilities and public accountability.

3.1.2 The Governing Body uses the risk management processes outlined in this policy as a means to help it achieve its goals and provides a clear commitment and direction for Risk Management within NHS Rotherham CCG.

3.1.3 The Governing Body has a duty to assure itself that the organisation has properly identified the risks it faces, and that it has processes and controls in place to mitigate those risks and the impact they have on the organisation and its stakeholders. The Governing Body discharges this duty as follows:

• Identifies risks to the achievement of its strategic objectives • Monitors these on an ongoing basis via the Governing Body Assurance Framework • Ensures that there is a structure in place for the effective management of risk throughout

the CCG • Receives assurance regarding risk management within organisations providing services

commissioned by the CCG • Approves and reviews strategies for risk management on a biannual basis • Receives the minutes of the Audit and Quality Assurance Committee, and any items that

have been identified for escalation to the Governing Body • Receives the Risk Register and Assurance Framework twice a year, assures itself of

progress on mitigating actions and assurance regarding the significant risks identified in relation to commissioned services

• Demonstrates leadership, active involvement and support for risk management. 3.1.4 Risks are also considered at other Committees of the Governing Body relevant to their

areas of delegated responsibility. 3.2 Audit & Quality Assurance Committee

3.2.1 The Audit and Quality Assurance Committee is responsible for reviewing the establishment

and maintenance of an effective system of governance, risk management and internal control across the whole of the organisation’s activities (both clinical and non-clinical including information and financial risk) to support the achievement of the organisation’s objectives and to escalate significant strategic risks as appropriate, to the CCG Governing Body.

7

3.2.2 Responsible for agreeing and monitoring the Internal Audit work plan and seeking assurance to ensure development of the Annual Governance Statement.

3.2.3 In particular the group will review the adequacy of:

• All risk and control-related disclosure statements, including the Annual Governance

statement, together with any accompanying head of internal audit statement, external audit opinion or other appropriate independent assurances, prior to endorsement by the Governing Body.

• the policies for ensuring compliance with relevant regulatory, legal and code of conduct requirements and self-certification

• the policies and procedures for all work related to fraud and corruption as required by NHS Protect.

3.3 The Strategic Clinical Executive and GP Members Committee 3.3.1 The eight GP members of the Strategic Clinical Executive and members of the GP

members Committee promote risk management processes, as part of clinical governance, with all Rotherham CCG member practices. This ensures that practices continuously improve and report risks relating to commissioned services to the CCG, and risks relating to primary care to NHS England to ensure that risks are identified and managed.

3.4 The Chief Officer 3.4.1 The Chief Officer is the Accountable Officer and has overall accountability for the

management of risk and is accountable/responsible for:

• Establishing and maintaining an effective risk management system within NHS Rotherham CCG, for meeting all statutory requirements and adhering to guidance issued by the Department of Health in respect of Governance.

• Ensuring a sound system of internal control is maintained that supports the achievements of the organisation’s aims and objectives,

• Continually promoting risk management and demonstrating leadership, involvement and support

• Ensuring an appropriate committee structure is in place, with regular reports to the CCG Governing Body

• Ensuring that the operational executive, strategic clinical executive and senior managers are appointed with managerial responsibility for risk management

• Ensuring appropriate policies, procedures and guidelines are in place and operating throughout the CCG

• Ensuring complaints, claims and health and safety management are managed appropriately.

These responsibilities are delegated to the following individuals:

3.5 Deputy Chief Officer 3.5.1 The Deputy Chief Officer is the executive lead for risk management and has delegated this

responsibility to the Assistant Chief Officer – these responsibilities include:

• Ensuring risk management systems are in place throughout the CCG • Ensuring the Assurance Framework is regularly reviewed and updated and reported to the

Audit and Quality Assurance Committee and the CCG Governing Body • Ensuring that an organisational risk register is established, maintained and reported to the

Audit and Quality Assurance Committee

8

• Ensuring that there is appropriate external review of the CCG’s risk management systems, and that these are reported to the CCG Governing Body

• Overseeing the management of risks as determined by the Executive Team • Ensuring that identified risk mitigation and actions are put in place, regularly monitored and

implemented. 3.5.2 The Deputy Chief Officer is the Senior Information Risk Owner (SIRO) for NHS Rotherham

CCG with responsibility for information risk management. The SIRO is the focus for the management of information risk at Governing Body level.

3.5.2.1 The role of SIRO requires the nominated lead to:

• Lead and foster a culture that values, protects and uses information for the public good. • Own the overall information risk policy and risk assessment process, test its outcome, and

ensure it is used. • Advise the Accountable Officer on the information risk aspects of the Annual Governance

Statement. • Understand how the strategic business goals of NHS Rotherham CCG may be impacted by

information risks. • Act as an advocate for information risk, providing a focal point for the resolution and / or

discussion of information risks. • Ensure that information security threats are followed up and incidents managed through

appropriate action plans. • Provide up-to-date information to the Accountable Officer and Governing Body on

information risks. 3.6 Chief Finance Officer 3.6.1 The Chief Finance Officer has delegated responsibility for financial risk management and

financial governance including those relating to efficiency programmes and the maintenance of key financial controls.

3.7 Chief Nurse 3.7.1 The Chief Nurse has delegated responsibility for managing the development and

implementation of clinical risk management, clinical governance and patient safety including:

• The executive lead responsible for safeguarding adults, safeguarding children and

Infection, Prevention and Control • Managing and overseeing the performance management of serious incidents reported by

the Rotherham NHS Foundation Trust and Rotherham, Doncater and South Humber NHS Trust as per delegated responsibility by NHS England.

• Ensuring that processes are in place to provide assurance with regard to clinical risk management within commissioned services, this includes (but not exclusively), patient safety regarding commissioned services in line with local and national legislation and guidance

• Collating intelligence from the Strategic Clinical Executive GPs with responsibility for quality of primary care, secondary care and mental health services.

3.7.2 The Chief Nurse is also the Caldicott Guardian. The Caldicott Guardian is an advisory role,

and is the conscience of the organisation, providing a focal point for patient confidentiality & information sharing issues and is concerned with the management of patient information.

3.8 Head of Health Informatics

9

3.8.1 The Head of Health Informatics has delegated responsibility for the development and implementation of Information Technology risk management.

3.9 Assistant Chief Officer 3.9.1 Responsibilities include:

• Ensuring that systems are maintained to manage health, safety & security risk effectively. • Being the Nominated Competent Person for all Health, Safety & Security issues. • Providing expert advice and training on risk, health and safety and security. • Ensuring health and safety, fire and security incidents are investigated appropriately and

trends identified. • Liaising with the Health and Safety Executive and other external organisations e.g. South

Yorkshire Fire & Rescue Service. • Ensuring that notification to external agencies regarding serious incidents takes place (e.g.

RIDDOR). • Providing update reports on health & safety, fire safety and security risk.

3.10 Clinical Chair of CCG Governing Body, Vice Chair of CCG Governing Body, GPs with

lead responsibility for Primary Care Quality, Secondary Care, Mental Health Quality, Children’s and Adult Safeguarding

3.10.1 The individuals identified above have responsibility for identifying risks in their specific

areas and discussing these with the Chief Nurse to ensure that assessment and mitigation is carried out providing assurance to the CCG Governing Body via the Audit and Quality Assurance Committee.

3.11 Project Support Officer 3.11.1 The Project Support Officer has responsibility for:

• Ensuring that an organisational Risk Register and a Governing Body Assurance Framework are developed and maintained and reviewed by the Executive Team

• Ensuring that risks are reviewed on a quarterly basis by the senior managers designated as risk holders

• Ensuring that the Operational Executive have the opportunity to review risks regularly • Providing advice on the risk management process • Ensuring that the CCG Assurance Framework and Risk Register are up to date for the

CCG Governing Body and Audit and Quality Assurance Committee • Working collaboratively with Internal Audit • Ensuring that the Integrated Risk Management Policy is updated on a three yearly basis

and approved by the CCG Governing Body. 3.12 All Senior and Line Managers 3.12.1 Senior and Line Managers are responsible for incorporating risk management within all

aspects of their work and for directing the implementation of the CCG Integrated Risk Management Policy by:

• Demonstrating personal involvement and support for the promotion of risk management • Ensuring that staff accountable to them understand and pursue risk management in their

areas of responsibility and are included in the organisational risk register as appropriate • Setting personal objectives for risk management and monitoring their achievement • Identifying and monitoring risks associated with their working practices and their areas of

responsibility.

10

• Ensuring that risk assessments are undertaken throughout their area of responsibility on a proactive basis.

• Implementing and monitoring appropriate risk control measures within their designated areas. Where implementation or risk control measures is beyond the authority or resources available to the manager this should be brought to the attention of their line manager or the Corporate Governance Manager or Assistant Chief Officer.

• Ensuring risks are escalated where they are of a strategic nature • Implementing the framework in relation to Health & Safety and other employment legislation

by: a) Ensuring that they have adequate knowledge and/or access to all legislation relevant to

their area and as advised by appropriate specialist officers ensure that compliance to such legislation is maintained

b) Ensuring that adequate resources are made available to provide safe systems of work c) Ensuring that all employees attend appropriate mandatory training, as relevant to the

role, e.g. Health & Safety, Fire, Moving and Handling and risk management training d) Ensuring that all staff are aware of the system for the reporting of accidents and near

misses e) Monitoring of health and safety standards, including risk assessments, and ensuring that

these are reviewed and updated regularly f) Ensuring the identification of all employees who require Health Surveillance according to

risk assessments; ensuring that where Health surveillance is required no individual carries out those specific duties until they have attended the Occupational Health Department and have been passed fit

g) Ensuring that the arrangements for the first-aiders and first aid equipment required within the organisation are complied with. That the location of first aid facilities are known to employees; ensuring that proper care is taken of casualties and that employees know where to obtain appropriate assistance in the event of serious injury

h) Making adequate provision to ensure that fire and other emergencies are appropriately dealt with.

3.13 All Staff 3.13.1 All staff working for the CCG are responsible for:

• Being aware that they have a duty under legislation to take reasonable care of their own safety and the safety of others who may be affected by the CCG’s business and to comply with appropriate CCG rules, regulations, instructions, policies, procedures and guidelines

• Taking action to protect themselves and others from risks • Identifying and reporting risks to their line manager • Ensuring incidents, claims and complaints are reported using the appropriate procedures

and channels of communication • Co-operating with others in the management of the CCG’s risks • Attending mandatory and statutory training as determined by the CCG or their Line

Manager • Being aware of emergency procedures relating to their particular locations • Being aware of the CCG’s Integrated Risk Management Policy and complying with the

procedures. 3.14 Contractors, Agency and Locum Staff 3.14.1 Managers must ensure that where they are employing or contracting agency and locum

staff they are made aware of and adhere to, all relevant policies, procedures and guidance of the CCG, including the CCG Incident reporting policy and procedure and the Health and Safety Policy they must also:

• Take action to protect themselves and others from risks

11

• Bring to the attention of others the nature of risks which they are facing in order to ensure that they are taking appropriate protective action.

4 Risk Management Framework 4.1 The CCG will put in place a framework to support the management of risk. This policy

outlines this framework which includes: 4.2 Governing Body Assurance Framework 4.2.1 The CCG will establish, populate and maintain an Assurance Framework that identifies the

strategic objectives of the CCG and the risks that could threaten their achievement, and is reported on a regular basis to the executive team, Audit and Quality Assurance Committee and CCG Governing Body via the Corporate Assurance Report.

4.2.2 NHS Rotherham Strategic Objectives are:

Quality - improving safety, patient experience and outcomes and reducing variations

Delivery – leading system wide efficiency programmes that consistently achieve measurable Improvements whilst meeting our financial targets

Assurance - having robust internal constitutional and governance arrangements, ensuring that providers’ services are safe and ensuring vulnerable people have effective safeguarding

Safeguarding – ensuring all children and vulnerable adults are protected from harm, including implementing all actions on Child Sexual Exploitation from the Jay and Casey reports.

4.3 Risk Register

4.3.1 The CCG will establish, populate and maintain an organisation Risk Register that profiles all operational risks relating to the business planning and delivery of services and is reported on a regular basis to the executive team, Audit and Quality Assurance Committee and CCG Governing Body via the Corporate Assurance Report.

4.4 Issues Log

4.4.1 The CCG will establish, populate and maintain an organisation Issues Log that profiles all

the current issues relating to the CCG and is reported on a regular basis to the executive team, Audit and Quality Assurance Committee and CCG Governing Body via the Corporate Assurance Report.

4.5 Corporate Assurance Report 4.4.1 The Corporate Assurance Report provides a framework which incorporate reports from

individual areas within the organisation providing assurance and information on risks and possible escalation.

• A copy of the format of the organisational Risk Register is attached at appendix A • A copy of the format of the Governing Body Assurance Framework is attached at appendix

B • A copy of the structure for risk management is attached at appendix C.

5 Open and Fair Culture

12

5.1 The CCG supports an open, fair and a positive learning culture. A culture of openness is central to improving patient safety and the quality of healthcare systems. Encouraging openness and honesty about how and why things have gone wrong will help improve the safety of NHS services.

5.2 However, disciplinary action may be appropriate to be considered in the following

circumstances:

• Repeat occurrences of incidents involving the same individual • Deliberate failure to report an incident • Failure to co-operate fully in subsequent investigation.

5.3 All employees should be familiar with Rotherham CCG’s whistle-blowing and bullying and

harassment policies and procedures. These procedures support staff to raise concerns in accordance with the Public Interest Disclosure Act 1998.

6 Training and Support 6.1 To ensure the successful implementation and maintenance of this Integrated Risk

Management Policy, Governing Body members and staff will have access to appropriate advice, guidance, information and training in order to carry out their respective responsibilities for risk control and risk assessment.

6.2 All staff will receive mandatory training annually in Health, Fire & Safety, including risk

assessment and management and Information Governance, via the CCG’s mandatory learning and development programme.

6.3 General awareness raising for staff is also undertaken through staff briefings, staff

newsletters, induction programmes and inclusion of relevant documents on the Intranet. The Integrated Risk Management Policy is accessible to staff via Rotherham CCG’s Intranet and on the public internet.

7 Consultation and Communication with Stakeholders 7.1 It is good practice to involve stakeholders, as appropriate, in all areas of Rotherham CCG’s

activities, and this includes informing and consulting on the management of any significant risks. Interested parties would include:

• Staff, NHS England, Patients and the Public within Rotherham CCG’s area • Local politicians and the Secretary of State for Health • Rotherham Partnership • Statutory and Voluntary agencies • Local Authority Health Scrutiny Committee • Primary Care Practices • Patient and Public Involvement Forum/HealthWatch • Health and Wellbeing Board.

7.2 A wide range of communication and consultation mechanisms already exist with relevant

stakeholders, both internal and external. General public awareness raising of Rotherham CCG’s Integrated Risk Management Policy will be achieved through its presentation at CCG Governing Body meetings, which are all open to the public, in the Annual Report, posting on Rotherham CCG’s Website and through HealthWatch.

8 Monitoring the Effectiveness of this Policy

13

8.1 The CCG monitors and reviews its performance in relation to the management of risk, and the continuing suitability and effectiveness of the systems and processes in place to manage risk through a programme of internal and external audit work, and through the oversight of the CCG Governing Body, Executive Team and Audit and Quality Assurance Committee.

9 Review and Revision of the Policy 9.1 This Integrated Risk Management Policy is a working document and will be reviewed on a

biannual basis, and in accordance with the following on an as and when required basis:

• Legislatives changes • Good practice guidelines • Case Law • Significant incidents reported • New vulnerabilities identified • Changes to organisational infrastructure • Changes in practice

10 Dissemination and Implementation 10.1 This document will be made available to all employees via the CCG intranet. 11 Equality and Diversity 11.1 The CCG aims to design and implement services, policies and measures that meet the

diverse needs of our service, population and workforce, ensuring that none are placed at a disadvantage over others. All policies and procedures should be developed in line with the CCG’s Equality and Diversity policies and need to take into account the diverse needs of the community that is served.

12 Associated CCG documentation

• Policy for the reporting and management of incidents and near misses including SIs and Never Events

• Complaints Policy • Procedure for the Management of Claims • Health and Safety Policy.

14

Integrated Risk Management Procedure 13 The Risk Management Process 13.1 Risk Management is a continuous process, ensuring NHS Rotherham CCG works within

the legal and regulatory framework, identifying and assessing possible risks facing the organisation, and planning to prevent and respond to these. The process of risk management covers the following 5 steps to risk assessment:

14 Risk Identification 14.1.1 Step 1 in the “Five steps to Risk Assessment” (http://www.hse.gov.uk/risk/controlling-

risks.htm) is to identify the risk. We cannot manage our risks effectively until we know what the risks are. Risk identification is therefore vital to the organisational success of the risk management process.

14.1.2 All staff within NHS Rotherham CCG may identify risks through the course of their work and

their interaction with patients, the public, partner organisations and other key stakeholders. 14.1.3 Risk identification should take place on a continual basis but particularly where new

activities are planned, new legislation or NHS policy requirements are identified, at the initiation of projects or where incidents or near misses have taken place. Committees of the Governing Body should consider any risks emerging from discussions within the meeting.

14.2 Methods for identifying and managing levels of risk would include: 14.2.1 Internal methods, such as; Incidents, complaints, claims and audits, project risks based on

the achievement of project objectives, patient satisfaction surveys, risk assessments, surveys including staff surveys, whistle-blowing. Contract quality monitoring of commissioned services.

14.2.2 External methods, such as; Media, national reports, new legislation, NPSA surveys, reports

from assessments/inspections by external bodies, reviews of partnership working. 14.2.3 All identified risks will be recorded and managed through the organisational Risk Register

and risks identified which could impact on the achievement of the CCG’s strategic objectives are recorded and managed through the Assurance Framework.

14.2.4 Risk identification is also obtained from member practices through practice visits, locality

meetings, GP Members Committee meetings, patient engagement forums, practice feedback forums and practice managers meetings.

15 Assess the Risk 15.1 Step two in the Five steps to Risk Assessment is identifying the people who are at risk from

each of the identified risks. The main categories of people who are affected by risks are: • Employees

http://www.hse.gov.uk/risk/controlling-risks.htm

http://www.hse.gov.uk/risk/controlling-risks.htm

15

• Patients • Visitors to the premises • Contractors working on the premises • “Others” which covers particularly vulnerable groups who may be more at risk than others,

such as pregnant women or inexperienced staff. • The corporate body e.g. through reputational risks.

16 Evaluation of Risk 16.1 Step 3 in the Five Steps to Risk Assessment is evaluating the risk. Employees are required

to make suitable and sufficient assessments of significant risks that arise out of work activity so as to implement preventative and protective measures. All new activities/programmes/projects must have a formal risk assessment undertaken as part of the implementation of the activity/programme/project. Risk analysis is also required on the coversheet of all formal papers to the Governing Body and Committees.

16.2 In order to score risks systematically so that they can be classified and remedial action can

be prioritised, it is necessary for all risks to be quantified using a standard methodology. The full risk assessment scoring methodology (risk matrix) for the CCG is shown in Appendix D and should be used for all risk assessments within the organisation. To use the tool it is necessary to identify the consequences and the likelihood of occurrence of harm from the risk. From this, the level of risk can be calculated as a score.

Consequence x Likelihood = Risk Score

16.3 The consequence score is derived from the most probable consequence of a particular risk

occurring, and not from the worst imaginable and extremely improbable consequence of a particular risk occurring. Once set, it is unusual for the consequence score to change over time.

16.4 The likelihood score is derived from the likelihood of the risk occurring following the

implementation of controls. Controls are measures which are in place to control the risk and reduce its likelihood of occurring. Controls can be:

• Preventative (controls which stop the risk occurring e.g. access controls, financial

authorisation levels). • Detective (controls which identify if the risk is threatening to occur e.g. performance

monitoring reports). • Directive (controls such as instructions or guidance which aim to reduce the likelihood of the

risk occurring e.g. policies, training). 16.5 When scoring risks, an “uncontrolled risk score” is the score if there were no controls in

place. This helps the CCG to prioritise risks. The “actual risk score” is the risk score with the current controls in place.

16.6 This allows construction of a risk matrix which can be used as the basis of identifying

acceptable and unacceptable risk as discussed below. 17 Risk Appetite and unacceptable risk 17.1 The UK Corporate Governance Code states that “the board is responsible for determining the

nature and extent of the significant risk it is willing to take in achieving its strategic objectives” 17.2 Risk Appetite is defined as: “The amount and type of risk that an organisation is willing to

take in order to meet their strategic objectives”. The lower the risk appetite the more the CCG is willing to accept in terms of risk and tolerate in its efforts to achieve its strategic objectives.

16

17.3 The CCG understands there is a balance to be struck between risk and reward and recognises that as a Commissioner there are sometimes constraints that limit the control measures that can be established to manage risks, particularly when CCG risks relate to third parties (i.e. provider organisations)

17.4 The CCG Risk appetite and levels of unacceptable risk will be developed by the Governing

Body and reviewed in line with the review of the GBAF. 17.5 The current CCG risk appetite linked to the risk matrix is shown in the table below Table 1 – NHS Rotherham CCG Risk Appetite

Ref Strategic Objective Risk Appetite 1 Quality - improving safety, patient experience and

outcomes and reducing variations Currently 11 Will be developed during the GB development session March 2017

2 Delivery – leading system wide efficiency programmes that consistently achieve measurable Improvements whilst meeting our financial targets

Currently 11 Will be developed during the GB development session March 2017

3 Assurance - having robust internal constitutional and governance arrangements, ensuring that providers’ services are safe and ensuring vulnerable people have effective safeguarding


4 Safeguarding – ensuring all children and vulnerable adults are protected from harm, including implementing all actions on Child Sexual Exploitation from the Jay and Casey reports.


Table 2 – NHS Rotherham CCG Risk Matrix

Risk Matrix

Likelihood

(1) Rare

(2) Unlikely

(3) Possible

(4) Likely

(5) Almost certain

Con

sequ

ence

(1) Negligible 1 2 3 4 5

(2) Minor 2 4 6 8 10

(3) Moderate 3 6 9 12 15

(4) Major 4 8 12 16 20

(5) Extreme 5 10 15 20 25

Table 3 – Risk Appetite

Risk Score

Risk Descriptor

Risk Appetite Statement

1-5 Low Averse Avoidance of risk and uncertainty is a key organization objective.

6-11 Medium Minimal Preference for ultra-safe options that are low risk and only have a potential for limited reward.

12-15 High Cautious Preference for safe options that have a low degree of risk and may only have limited potential for reward.

16-20 Very High Open Willing to consider all potential options and choose the one

17

most likely to result in successful delivery, while also providing an acceptable level of reward and value for money.

25 Extreme Hungry Eager to be innovative and to choose options offering potentially higher business rewards, despite greater inherent risk.

17.6 NHS Rotherham CCG regards any risk with a score of 11 or below to be an acceptable

level of risk for toleration by the organisation. This does not preclude actions being taken to further mitigate risks to the lowest practicable level.

18 Risk Assurance/Control 18.1 In risk management terms, “assurances” are those measures which are in place to check

that the key controls for the risk are operating effectively e.g. reports, audits. Assurances can be broken down into:

• Internal assurances such as internal reports. • External assurances such as the independent External and Internal Audit Reports. • Positive assurances: validated proof that the assurances are working and the risk is

controlled. 18.2 Gaps in control or assurance are those that, if addressed, would reduce the risk score.

Once scored and gaps identified, risks can be:

• Treated (via an action plan). In many cases action can be taken to change the way in which activities are carried out in order to reduce the risk identified. All risks scored as 12 or over must be treated. See also the risk hierarchy below.

• Tolerated: Low and medium risks can be accepted as requiring no further action. On reviewing this type of risk, it may however be decided that some further cost effective action would reduce the risk score still further. Action on this level of risk is a lower priority.

• Transferred (e.g. to another organisation). NHS Rotherham CCG is a member of the Liabilities to Third Parties (LTPS), Property Expenses Scheme (PES) and Clinical Negligence Scheme for Trusts (CNST) risk pooling schemes run by the NHS Litigation Authority (NHSLA). This membership transfers some financial risk to these risk pooling schemes. Not all risks are suitable for risk transfer.

• Terminated. It may be decided that a particular risk should be avoided altogether. This may involve ceasing the activity giving rise to the risk.

18.3 Risk treatment generally follows the following sequence (called the “Hierarchy of Controls”), starting at the top and working down the hierarchy.

• Can the risk be eliminated entirely? E.g. remove and condemn a piece of equipment that

keeps shorting out and poses the risk of electric shock. • Can we make a substitution, substituting one item for another that is less harmful? E.g. for

example substituting a detergent for a corrosive cream cleaner. • Can we put in place physical or mechanical engineering controls such as guards,

barriers and isolation. • Can we put in place administrative controls such as supervision or training, information

and induction, policies, protocols and safe systems of work to ensure that people working with risks are suitable informed and trained and know what to do if something goes wrong.

• Finally, can we use personal protective equipment (PPE) such as gloves, aprons and masks.

18.4 Where risk treatment plans require significant additional funding above that available within

individual budgets or within NHS Rotherham CCG contingencies under the delegated

18

authority of the Chief Finance Officer, or changes to the working patterns of NHS Rotherham CCG, these decisions will be made by the Governing Body.

18.5 Risk assessments are carried out for a variety of activities, however, additional risk

assessments must be carried out by Line Managers or other corporate persons in accordance with the following:

• Health and Safety • Control of Substances Hazardous to Health (COSHH) • Display Screen Equipment • Moving & Handling • Work Equipment • Personal Safety • Fire Safety • Pregnancy & Maternity

18.6 Line Managers are responsible for implementing and monitoring any identified appropriate

risk control measures within their designated areas. Where implementation or risk control measures are beyond the authority or resources available to the line manager, this should be brought to the attention of the Health & Safety Lead or Corporate Governance Manager as appropriate. Clinical risks including patient safety and safeguarding risks must be notified to the Chief Nurse (or equivalent).

19 Record the risk All risk assessments must be recorded on NHS Rotherham CCG’s approved risk assessment templates as detailed below.

Assurance Framework

The Assurance Framework is used for recording strategic risks (i.e. risks affecting achievement of the CCG’s strategic objectives). The Assurance Framework is coordinated by the Project Support Officer, to whom risks should be reported. The Assurance Framework will be regularly reviewed and updated (at least quarterly) by the Assistant Chief Officer/Project Support Officer in liaison with Leads identified on the Framework and updates reported quarterly to the Governing Body. The Framework will also be regularly reported to and reviewed by the Audit and Quality Assurance Committee. The Assurance Framework template is shown at Appendix B.

Risk Register

The Risk Register is used for recording operational directorate-level risks (risks which underpin strategic Assurance Framework risks). The Risk Register is coordinated by the Project Support Officer, to whom risks should be reported. The Risk Register will be regularly reviewed and updated (at least quarterly) by the Project Support Officer/Assistant Chief Officer in liaison with Leads identified on the Register and updates reported quarterly via the Corporate Assurance Report to the Governing Body. The Register will also be reported to and reviewed by the Audit and Quality Assurance Committee on an annual basis. The Risk Register template is shown at Appendix A.

19

Generic risk assessments

Generic risk assessments can be undertaken for areas where none of the other risk templates apply e.g. specific public engagement events. Risks arising out of generic risk assessments should be reported appropriately to the Assistant Chief Officer, Corporate Services Manager, Project Lead or Health & Safety Lead dependant on the nature and severity of the risk. The generic risk assessment template is shown at Appendix E.

Specific risk assessments

There are a range of specific risks assessments which may be required. This is not an exclusive list – see individual procedural documents for further details and reporting arrangements.

• Health and Safety • Control of Substances Hazardous to Health (COSHH) • Display Screen Equipment • Moving & Handling • Work Equipment • Personal Safety • Fire Safety • Pregnancy & Maternity

20 Review the risk 20.1 All risk assessments should be reviewed on a regular basis or when activities change. 20.2 The nominated lead as detailed in Step 4 is responsible for updating any changes to the

risk assessment (whether on the Assurance Framework or Risk Register) and ensuring that actions are implemented. Identified risks will be reviewed on the following basis:

Score Category Review frequency

1-5 Low Annually 6-11 Medium 6-monthly 12-15 High Quarterly 16-20 Very High Monthly

25 Extreme Monthly 20.3 The assurance process is the process which NHS Rotherham CCG is required to

undertake to ensure a sound system of internal control is maintained which supports the achievement of the organisation’s policies and objectives. The system of internal control is designed to manage risk to a reasonable level rather than to eliminate all risk; it can therefore only provide reasonable and not absolute assurance of effectiveness. The system of internal control is based on an on-going process designed to:

• Identify and prioritise the risks to the achievement of the organisation’s policies, aims and

objectives. • Evaluate the likelihood of those risks being realised and the impact should they be realised,

and to manage them efficiently, effectively and economically. 20.4 NHS Rotherham CCG is committed to establishing and maintaining assurance processes to

ensure an adequate level of assurance is provided which will enable the Accountable Officer (Chief Officer) to sign the Annual Governance Statement. NHS Rotherham CCG will ensure there is Governing Body approved Assurance Framework which:

20

• Covers all of NHS Rotherham CCG’s main activities. • Identifies which objectives NHS Rotherham CCG is aiming to achieve. • Identifies the risks to the achievement of those objectives. • Evaluates and assesses those risks and records them appropriately. • Identifies and examines the system of internal control in place to manage the risks. • Identifies and examines the review and assurance mechanisms which relate to the

effectiveness of the system of internal control. • Records the actions taken by NHS Rotherham CCG to address gaps in control and

assurance. 21. Information Risk Management 21.1 The principles of information security require that all reasonable care is taken to prevent

inappropriate access, modification or manipulation of data from taking place. In the case of the NHS, the most sensitive of our data is patient record information. In practice, this is applied through three cornerstones - confidentiality, integrity and availability.

• Information must be secured against unauthorised access – confidentiality. • Information must be safeguarded against unauthorised modification – integrity. • Information must be accessible to authorised users at times when they require it –

availability. 21.2 Information security risk is inherent in all administrative and business activities and

everyone working for or on behalf of the organisation continuously manages information security risk. The aim of information security risk management is not to eliminate risk, but rather to provide the structural means to identify, prioritise and manage the risks involved in organisational activities. It requires a balance between the cost of managing and treating information security risks with the anticipated benefits that will be derived.

21.3 The Trust Information Risk Owner (SIRO) is responsible for coordinating the development

and maintenance of information risk management policies, procedures and standards for the CCG.

21.4 CCG Information Asset Owners (IAOs) ensure that information risk assessments are

performed regularly on all information assets where they have been assigned ‘ownership’, following guidance from the SIRO on assessment method, format, content, and frequency.

21.5 Information risk assessments should be performed on a regular basis for key information

systems and critical information assets. Information Risk assessments must also be undertaken at the following times:

• At the inception of new systems, applications and facilities that may impact the assurance

of NHS Rotherham CCG Information or Information Systems. • Before enhancements, upgrades, and conversions associated with critical systems or

applications. • When NHS policy or legislation requires risk determination. • When the NHS Rotherham CCG Management team / Governing Body requires it.

21.6 Information incident reporting will be in line with the organisation’s Incident Management

Policy. All very high and extreme information risks should be reported to and discussed with the Senior Information Risk Owner (SIRO) as soon as they are identified. The Senior Information Risk Owner (SIRO) will coordinate and monitor implementation of an annual Information Security Management and Assurance Plan.

21

22. Embedding Risk Management 22.1 The effective implementation of this Integrated Risk Management Framework, Policy &

Procedure will facilitate the delivery of quality commissioning and, alongside staff training and support, will provide an improved awareness of the measures needed to prevent, control and contain risk.

22.2 NHS Rotherham CCG ensures stakeholders are involved in managing risks which impact

on them by the following mechanisms:

• Communication, Engagement and Experience Strategy. • Commissioning arrangements involving a wide range of partner NHS organisations. • Joint commissioning arrangements with the local authority. • Governing Body meetings held in public. • Patient Experience data. • Publication of the Integrated Risk Management Framework Strategy, Policy & Procedure

with its key partners and the public through the NHS Rotherham CCG website. • Meeting the public sector Equality Duties.

22

Appendix A: Risk Register Template Ref Entry date

Lead

Person Risk

Description Risk

Cause Risk

Consequence Risk

rating

Assurance & Actions

Date reviewed

L C T

Appendix B: Governing Body Assurance Framework (EXAMPLE)

Objective: NHSE Domains: Committee providing

assurance

Better Health

Better Care Executive lead(s)

Sustainability

Leadership Clinical / Lay Lead

What are the key enablers / deliverables to support this objective? Principal threat(s) to delivery of the objective

Risk rating Likelihood Consequence Total

Date reviewed

Initial Rationale:

Current

Appetite

Approach Treat

Key controls to mitigate threat: Sources of assurance Rec'd?

Gaps in control Positive assurances received

Gaps in assurance Actions being taken to address gaps in control / assurance

SCORE: A M J J A S O N D J F M

Likelihood

Consequence

Risk rating

Tolerance

Appendix C: Structure for Risk Management `

NHS Rotherham Clinical

Commissioning Group Governing

Body

Audit and Quality

Assurance Committee

• Chaired by lay member of CCG Governing Body.

• Covers audit, risk, serious incidents, quality and patient safety

• Includes representatives from internal and external audit, fraud

• Ensures assurance can be provided to CCG Governing Body regarding risk

Operational Executive and Strategic Clinical Executive

25

Appendix D: Risk Scoring Matrix

Risk Scoring Matrix Table 1 Consequence score (C) Choose the most appropriate domain for the identified risk from the left hand side of the table. Then work along the columns in same row to assess the severity of the risk on the scale of 1 to 5 to determine the consequence score, which is the number given at the top of the column.

Consequence score (severity levels) and examples of descriptors 1 2 3 4 5

Domains Negligible Minor Moderate Major Extreme

Patient and staff safety

Minimal injury requiring no /

minimal intervention or

treatment.

No time off work

Minor injury or illness, requiring

minor intervention

Requiring time off work for >3 days

Moderate injury requiring

professional intervention

Requiring time off

work for 4-14 days. RIDDOR

reportable incident

An event which

impacts on a small number of

patients

Major injury leading to long-term incapacity /

disability

Requiring time off work for >14 days

Mismanagement of patient care with long-term

effects

Incident leading to death

Multiple

permanent injuries or

irreversible health effects

An event which

impacts on a large number of

patients

Quality

Peripheral element of

treatment or service

suboptimal

Informal complaint/

inquiry

Overall treatment or service suboptimal

Formal complaint

Local resolution

Single failure to

meet internal standards

Minor

implications for patient safety if

unresolved

Reduced performance

rating if unresolved

Treatment or service has significantly

reduced effectiveness

Local resolution (with potential to

go to independent

review)

Repeated failure to meet internal

standards

Major patient safety

implications if findings are not

acted on

Non-compliance with national

standards with significant risk to

patients if unresolved

Multiple

complaints / independent

review

Low performance rating

Critical report

Unacceptable level or quality of

treatment / service

Gross failure of patient safety if

findings not acted on

Inquest / ombudsman

inquiry

Gross failure to meet national

standards

Human Resources /

Organisational Development

Short-term low staffing level that

temporarily reduces service quality (< 1 day)

Low staffing level that reduces the service quality

Late delivery of key objective/ service due to

lack of staff

Unsafe staffing level or

competence (>1 day)

Low staff morale

Poor staff

attendance for mandatory/key

Uncertain delivery of key

objective/service due to lack of

staff

Unsafe staffing level or

competence (>5 days)

Loss of key staff

Very low staff

morale

Non-delivery of key

objective/service due to lack of

staff

Ongoing unsafe staffing levels or

competence

Loss of several key staff

No staff attending

mandatory

26

Consequence score (severity levels) and examples of descriptors 1 2 3 4 5

Domains Negligible Minor Moderate Major Extreme training

No staff attending mandatory/ key

training

training /key training on an ongoing basis

Statutory duty / inspections

No or minimal impact or breech

of guidance/ statutory duty

Breech of statutory

legislation

Reduced performance

rating if unresolved

Single breech in statutory duty

Challenging

external recommendations / improvement

notice

Enforcement action

Multiple breeches in statutory duty

Improvement

notices

Low performance rating

Critical report

Multiple breeches in statutory duty

Prosecution

Complete

systems change required

Zero

performance rating

Severely critical

report

Adverse publicity /

Reputation

Rumours

Potential for public concern

Local media coverage – short-term

reduction in public confidence

Elements of

public expectation not

being met

Local media coverage – long-term

reduction in public confidence

National media coverage with <3 days service well below reasonable

public expectation

National media coverage with >3 days service well below reasonable

public expectation. MP

concerned (questions in the

House)

Total loss of public confidence

Business Objectives

Insignificant cost increase / schedule slippage

<5 per cent over project budget

Schedule slippage

5–10 per cent over project

budget

Schedule slippage

Non-compliance with national 10–25 per cent over project budget

Schedule slippage

Key objectives

not met

Incident leading >25 per cent over

project budget

Schedule slippage

Key objectives

not met

Finance Small loss Risk of claim remote

Loss of 0.1–0.25 per cent of

budget

Claim less than £10,000

Loss of 0.25–0.5 per cent of

budget

Claim(s) between £10,000 and

£100,000

Uncertain delivery of key

objective/Loss of 0.5–1.0 per cent

of budget

Claim(s) between £100,000 and £1

million

Purchasers failing to pay on

time

Non-delivery of key objective/ Loss of >1 per cent of budget

Failure to meet specification/

slippage

Loss of contract / payment by

results

Claim(s) >£1 million

Service / business

interruption

Impact on environment

Loss/interruption of >1 hour

Minimal or no impact on the environment

Loss/interruption of >8 hours

Minor impact on

environment

Loss/interruption of >1 day

Moderate impact on environment

Loss/interruption of >1 week

Major impact on

environment

Permanent loss of service or

facility

Extreme impact on environment

27

Table 2 Likelihood score (L) What is the likelihood of the consequence occurring? The frequency-based score is appropriate in most circumstances and is easier to identify. It should be used whenever it is possible to identify a frequency.

Likelihood score 1 2 3 4 5

Descriptor Rare Unlikely Possible Likely Almost certain

Frequency How often

might it / does it happen

This will probably

never happen/recur

Do not expect it to

happen/recur but it is

possible it may do so

Might happen or recur

occasionally

Will probably happen/recur but it is not a

persisting issue

Will undoubtedly

happen / recur, possibly

frequently

Probability Percentage likelihood of occurrence

0-5% 6-20% 21-50% 51-80% 81-100%

Table 3 Risk scoring = consequence x likelihood ( C x L ) Calculate the risk score by multiplying the consequence score by the likelihood score.

Risk Matrix

Likelihood

(1) Rare

(2) Unlikely

(3) Possible

(4) Likely

(5) Almost certain

Con

sequ

ence

(1) Negligible 1 2 3 4 5

(2) Minor 2 4 6 8 10

(3) Moderate 3 6 9 12 15

(4) Major 4 8 12 16 20

(5) Extreme 5 10 15 20 25

1-5 Low

6-11 Medium 12-15 High 16-20 Very High

25 Extreme The CCG risk tolerance/appetite under which risks can be tolerated is a score of 11 or below where the assessment has been undertaken following the implementation of controls and assurances.

Appendix E Generic Risk Assessment Template

Risk Assessment

Area/Task: Date:

Persons Assessing the Risks: Overall Score Ref No:

Activity/Task/Area Hazard Identified Likelihood

1 – 5

Consequence

1 – 5

Risk Rating

Controls in place (including PPE as a last

resort)

Recommended Additional Controls

Post Risk

Rating

Note: You should rate the risks on the basis of the current controls in place 1.

2.

3.

4

5.

6.

7.

8.

9.

10.

04/04/2017 NHS Rotherham CCG Governing Body Assurance Framework 2016-17

JK - JB

Risk rating Likelihood Consequence TotalInitial 3 4 12CurrentAppetiteApproach

Rec'd?OngoingOngoing

SCORE: F M A M J J A S O N D JLikelihood 3Consequence 4Risk rating 12Tolerance 12

INA Framework Quality Premium CQC inspection of all providers

Objective 1: Quality - improving safety, patient experience and outcomes and reducing variations

NHSE Domains: Committee providing assurance

Leadership Gp Lead / Lay LeadWhat are the key enablers / deliverables to support this objective?

AQUABetter HealthBetter Care Executive lead(s) SC/IASustainability

Principal threat(s) to delivery of the objectiveImproved outcomes for patients Improved performance by providers in delivery of all key performance measures

Activity growth in A&EFailure to deliver system wide efficiency programme for unscheduled care. Suboptimal care for patients resulting in poor outcomes

Date reviewed 15.02.17Rationale: Historic poor performance by TRFT, RDaSH and YAS against some key quality measures means failure is possible

Treat

Key controls to mitigate threat: Sources of assurance A&E Delivery Board Meeting minutes and actions Monthly Contract Quality meetings - Quality lead, GP lead and Contract lead Monthly Governing Body report

Delegated responsibility for Commissioning Primary Care Services Primary Care Commissioning Minutes

No assurance regarding YAS performance

Gaps in control Positive assurances receivedNo assurance regarding YAS performance Commissioning Plan Performance reportGaps in assurance Actions being taken to address gaps in control / assurance

0

20

A M J J A S O N D J F M


RC/JK - JB


Rec'd?OngoingOngoingOngoing Ongoing


Unscheduled Care QUIPP Group Minutes and action log

IAPT and CAMHS transformation Commissioning Plan Performance Report

MH IAPT / dementia transformation

Community Transformation Group Minutes and action logClinical Referrals Management Committee Minutes and action log

Gaps in assurance Actions being taken to address gaps in control / assurance


Primary Care Quality Contract

Clinical thresholds Lack of skill and capacity to roll out

Completion of capital build for the Urgent & Emergency Care Centre Delivery of new model in pressured environment

Objective 2: Delivery – leading system wide efficiency programmes that consistently achieve measurable improvements whilst meeting our financial targets

NHSE Domains:

Lack of data for some KPI's in the Commissioning Plan Performance Report

Key controls to mitigate threat: Sources of assurance Emergency Centre Sponsoring Group - Contract Group Minutes and action log

Finance & Contracting Report


Date reviewed 15.02.17Rationale: Deliver CCG Commissioning plan identified key priorities and progress against those priorities within 15 priority areas.

Treat

Implementation of locality village Delivery of medicines waste agenda

Leadership

Committee providing assurance AQUABetter HealthBetter Care Executive lead(s) IASustainability

GP Lead / Lay Lead

0

10

20



RC - JB


Rec'd?

Reports


Monthly report on contract quality to GB

Serious incident reports reported onto STEISSafeguarding Standards included in provider contracts

Reports received as appropriateCCG and Providers Membership of Rotherham wide safeguarding boards, and all sub groups Minutes of meetings and sub groups and annual report

Services commissioned safeguard vulnerable clients including safeguarding in all commissioned services

Services commissioned do not appropriately deliver to vulnerable people

Annual Internal Audit opinion Delivery of annual internal audit plan Contract quality processes e.g. well defined leads for all major contractsPerformance management key indicators

Raised at exec to exec meeting Multi agency work to improve process for IHA for LAC plus peer review from Sheffield CCG Designated D

Low achievement of intitial health assessments for LAC Patient Safety & Quality Assurance reportSafeguarding Adults Review

Gaps in assurance Actions being taken to address gaps in control / assuranceLow attendance at TRFT contract quality meetings Escalation to contract performance executive members

Objective 3: Assurance - having robust internal constitutional and governance arrangements, ensuring that providers’ services are safe and ensuring vulnerable people have effective safeguarding

NHSE Domains:


Serious Case Reviews

Key controls to mitigate threat: Sources of assurance Safeguarding team, including designated nurse and Dr, named GP & safeguarding adults lead


Date reviewed 15.02.17Rationale: Concerns regarding care homes in Rotherham have been raised in the Patient Safety & Quality Assurance report.

Treat

Leadership

Committee providing assurance AQUABetter HealthBetter Care Executive lead(s) CE/SCSustainability

GP Lead / Lay Lead

0

20



JK - JB


Rec'd?OngoingOngoing


annual report

Gaps in assurance Actions being taken to address gaps in control / assuranceEvidence base for post abuse and pre trial support working with NHSE, RDaSH and RMBC to identify unmet need and develop appropriate processes

CCG safeguaring annual report to GB and monthly updates

Levels of safeguarding training in Primary Care and other commissioned services

Rotherham Local Safeguarding Children's Board All staff training and awareness including GP staff

Minutes Training figures for CCG staff and CQC reports

ReportGaps in control Positive assurances receivedUnaware of unmet need for post abuse support for historic cases or pre trial support for current cases Patient Safety & Quality Assurance Report monthly to GB

CQC reportsWinterbourne submission

CQUIN to reward additional reporting of safeguarding training

Objective 4: Safeguarding – ensuring all children and vulnerable adults are protected from harm, including implementing all actions on Child Sexual Exploitation from the Jay and Casey reports.

NHSE Domains:

Key controls to mitigate threat: Sources of assurance Rotherham Safeguarding Adults Board Minutes

Named GP and adult safeguarding lead Designated Doctor and Designated Nurse for Safeguarding children


Date reviewed 15.02.17Rationale: In response to the Jay and Casey reports

Tolerate

Multi Agency Safeguarding Hub Membership of borough wide safeguarding group

Partnership working with RMBC and other agencies

Leadership

Committee providing assurance AQUABetter HealthBetter Care Executive lead(s) SCSustainability

Gp Lead / Lay Lead

0

10

F M A M J J A S O N D J

L C T

1 28.11.2016 Alun Windle CCG not hitting March 2017 deadline imposed by NHSE for the PUPoC claims process to complete

NHSE deadlines and extensive review process of NHS RCCG

Possible maladministration notice (unknown financial impact) for NHS RCCG

5 Action completed by end of January 2017. Closure requested.

Feb-17 N/A

2 29.11.2016 Jacqui Tuffnell Collaborative commissioning of specialised services

Insufficient funding transferred for provision of services

Inability to procure required services and/or additional financial impact for RCCG

3 4 12 N/A

3 29.11.2016 Jacqui Tuffnell Not maintaining accessible and high quality primary care as a consequence of recruitment issues

High numbers of GPs and practice nurses in Rotherham aged 55-59 and insufficient new trainees coming in to replace and insufficient providers using new workforce models

Inability for providers to continue delivering all requirements and ultimately may have to cease all provision causing more pressure on other providers.

3 4 12 N/A

4 29.11.2016 Jacqui Tuffnell Impact of PMS changes on the stability of practices

Changes in the funding arrangements for practices

Inability for providers to continue delivering all requirements and ultimately may have to cease all provision causing more pressure on other providers

3 3 9 N/A

5 13.12.2016 Sue Cassin Reputational risk to NHS RCCG and individual risk to one or more Looked After Children

Low achievement of undertaking initial health assessments with statutory framework

Not identifying health needs of children entering the care system and putting necessary care plans in place may result in harm.

3 4 12 Working closely with RMBC and TRFT to refresh processes and joint working to ensure children attend clinics. Peer review by Sheffield CCG

Feb-17 Objective 3 GBAF

6 13.12.2016 Sue Cassin Reputational risk to NHS RCCG and possible instability to Strategic Clinical Executive from CQC inspection of GP practices

CQC inspection of GP practice and resultant ratings

Need to support practices to take remedial action through the contract

2 4 8 PM forum, nurses forum, facilitation of information sharing, support via development of templates for collation of evidence. Support with areas of underachievement identified


7 05.01.2017 Keely Firth Failure to deliver QIPP programme for 2017/18

Added costs in prescribing, planned care, unscheduled care

Higher levels of expenditure

3 4 12 Focus on waste by MM team; Protocols agreed for clinical thresholds; Block contract for non electives


8 05.01.2017 Keely Firth TRFT operate within control total agreed with NHS Improvements for 2016/17 which is a deficit plan. If the trust cannot sustain the provision of services within its financial envelope the services may be withdrawn by the trust

Lack of capacity Cost of buying capacity at premium and tariff payments

4 4 16 There is a national cap on locum and agency payments for FTs; FTs working together vanguard looking at vulnerable specialites; FT held to account by NHSI re quality and financial performance and and HEE re clinical staffing

Feb-17 N/A

NHS Rotherham Clinical Commissioning Group – Risk Register

Date reviewed

Links to Governing Body Assurance Framework /Issues Log

Risk rating

Assurance & Actions Ref Entry date Lead Person Risk Description Risk Cause Risk Consequence

L C T

Date reviewed


Risk rating


9 05.01.2017 Keely Firth Adverse impact on staffing capacity by additional community responsibilities and national policy changes

Refocusing of corporate capacity

Lack of corporate performance

4 3 12 Review of structure now comnpleted with comments from staff now received; New structure to be introduced wef 1st April 2017

Feb-17 N/A

10 05.01.2017 Keely Firth Financial pressures in non-health organisations may result in reduction in investments upon which healthcare services are reliant

Lack of capacity in wider services leading to reduced support for specific patient groups.

CCG’s objectives to reduce admissions and safely support patients in alternative setting may be compromised.

4 4 16 The Rotherham place plan commits all partners to the delivery of joint objectives and organisations will be held to account by each other.

Feb-17 N/A

11 05.01.2017 Keely Firth Insufficient funds to finance CCG planned objectives on a recurrent basis

Reductions in allocation growth levels and increases in national pricing tariffs

Increased efficiency requirements

3 4 12 The CCG plan invests in areas where growth in demand is anticipated and where there is limited opportunity to intervene to minimse it.

Feb-17 N/A

12 05.01.2017 Keely Firth Increasing costs of individual patients of continuing care

Growth in new patients requiring CHC

Overspends on CHC budget

3 4 12 Robust application of the legal framework by the CHC team.

Feb-17 N/A

13 05.01.2017 Keely Firth Adverse financial pressure from YAS contract

Rebasing exercise undertaken by YAS regarding the costs of services to CCG’s

Significant increase in the contract value for YAS with RCCG.

3 3 9 This will not occur in 2017/18. Feb-17 N/A

14 09.01.2017 Sarah Lever Failure to deliver A&E standards (constitutional requirement)

Increased ambulance arrivals, and shortage of medical staffing at TRFT

Low performance against the A&E standard for which the CCG are held to account by NHSE

3 4 16 CCG chair the A&E delivery Board and there are detailed action plans to ensure that all enablers to the performance are optimised.

Feb-17 N/A

15 13.2.2017 Ian Atkinson Failure to deliver 6ww diagnostic standards (constitutional requirement)

Staffing Challenges within TRFT impacting on the number of available diagnostic clinics

Low performance against the 6ww standard for which the CCG are held to account by NHSE, could impact on other Waiting Time targets if not resolved.

3 4 12 CCG Chair TRFT contractual meetings, agreement with TRFT to outsource diagnostics capacity to meet demand. Agreed recovery trajectory in place to improve performance

Feb-17 N/A

16 13.2.2017 Ian Atkinson Failure to IAPT 6ww Access Target get (constitutional requirement)

Staffing Challenges within TRFT impacting on the number of available diagnostic clinics

Low performance against the 6ww standard for which the CCG are held to account by NHSE, could impact on other Waiting Time targets if not resolved.

3 4 12 CCG Chair RDASH contractual meetings, IAPT National Intensive Support team visited Rotherham and actions being taken to improve position, e.g. further training of Workforce, Self Referral. Agreed recovery trajectory in place to improve performance

Feb-17 N/A

L C T

Date reviewed


Risk rating


17 13.2.2017 Ian Atkinson Delivery of CAMHS Transformation, Waiting Times and lack of improvement in the quality of service

Mobilisation of the new CAMHS Model, increase refferals impacting on the ability to deliver access times

Transformation Plan is being delivered with significant recruitment into the CAMHS service. Waiting times for access remain challenging. Continued dissatisfaction in the serviceby GP's families and young children

3 4 12 CCG Chair CAMHS Strategy and Partnership Group and fortnightly CAMHS performance meeting. Recently agreed to develop a Section 75 agreement with RMBC for CAMHS.

Feb-17 N/A

18 11.11.2011 Sue Cassin Quality of Commissioned Services Inability of providers to deliver quality safe services.

Sub optimal care for patients resulting in poor outcomes. Loss of reputation for both provider and commissioner

4 3 12 Three officers are responsible for quality of each major contract area. For TRFT as largest contract we maintain quality assurance by monitoring the national quality standards within the NHS standard contract along with national and locally agreed Local Incentive Schemes. Participating in providers assurance meetings. Ad hoc and planned visits to provider units, including a programme of clinically led visits. Managing the assurance of responses to Serious Incidents on behalf of the NHSE. A wide range of benchmarking data is monitored including data on HSMRs and condition specific HSMRs peer, CQC risk ratings. Similar processes are in place for RDASH. A wide range of hard and soft intelligence is used through contract for assurance of GP quality.

Feb-17 GBAF 1

19

24.01.2017 Emma Royle Failure to implement SEND reforms (part 3) of the Children and Families Act 2014/SEND Code of Practice.

Complexity of the new SEND reforms.

Lack of assurance for the CCG due to non-attendance at the Education Health & Care Panel

CCGs failure to identify correct attendee at EHC panel

EHC plans agreed at panel become statutory documents and the CCG must provide health provisions stated in the plan. If the CCG does not have oversight of these plans it may result in the CCG having to provide non universal services.

3 4 16 CCG completed a diagnostics self-assessment (provided by the council for disabled children). A second assessment is due to take place by the end of January 2017. This covers all aspects of the SEND reforms.

23.01.17 OE requested ER obtain information regarding how CCGs across the country are dealing with this.

Feb-17 N/A

L C T

Date reviewed


Risk rating


20

31.01.2017 Chris Edwards Services are currently commissioned on South Yorkshire & Bassetlaw footprint and sustainability of hospital services is being reviewed.

Some services may no longer be provided by our local acute provider.

Risk around sustainability of services on a local footprint

3 4 12 STP plan commissioned a review by Sept 2017 to asses hospital sustainability

Feb-17 N/A

21

31.01.2017 Chris Edwards Risk of possible lack of support to victims of CSE due to the scale of criminal proceedings and political issues as commissioners still running Children’s services at the council.

Ongoing CSE criminal proceedings

Requiring additional mental health support for victims. Reputational damage to CCG for Adult Mental Health/CAMHS

3 4 12 Children’s BoardCCG Commissioning strategy CAMHS transformation planInvestment in IAPT services (Adult mental health)

Feb-17 N/A

22

02.02.2017 Claire Smith Demand flux in the 111 service Number of referrals and patient contacts. Capacity of the service.

Patients currently in inappropriate destinations e.g. A&E. Impact on demand management.

4 5 20 Capacity versus Demand is monitored through the contract. Although useage has increased this is not above the contracted capacity at present

Feb-17 N/A

1 2 3 4 5

Rare Unlikely Possible Likely Almost certain

1

Negligible

2

Minor

3

Moderate4

Major5

Extreme

Risk Score

Risk Descriptor

1-5 Low6-11 Medium

12-15 High16-20 Very High

25 Extreme Hungry Eager to be innovative and to choose

4 8 12 16 20

5 10 15 20 25

Risk Appetite Statement

Cautious Preference for safe options that have a

10

3 6 9

Averse Avoidance of risk and uncertainty is a key

12 15

Open Willing to consider all potential options and

Minimal Preference for ultra-safe options that are

Risk Matrix

LikelihoodC

onse

quen

ce

1 2 3 4 5

2 4 6 8

of 2

1 Open 28.11.2016 Alun Windle Litigation and patient safety issues. Caused by a lack of management system for equipment in the community commissioned by NHS Rotherham CCG.

Resulting in possible patient harm, faulty equipment, staff working above competencies and litigation.2 cases where families have purchased equipment and the NHS are now providing consumables therefore condoning the purchase of this equipment.

This issue remains the same – because the issue was/is unquantifiable due to the CCG having not held a list of equipment previously it’s difficult to assess what service is needed to be procured in the future. Over the past 9 months CHC have commenced collating a list of equipment – using CHC data the CCG maybe able to go back to procurement with a level of service required – The service is also scoping other CCGs on how they monitor such equipment

S Cassin 5 GBAF 1

2 Open 29.11.2016 Jacqui Tufnell Ineffective patient care. Caused by lack of delivery of the Capita contract. Resulting in possible impact on patient care, CCG costs and reputation.

J Tufnell 5 GBAF 1

3 Open 05.01.2017 Keely Firth Failure to deliver QIPP programme for 2016/17 Added costs in prescribing, planned care, unscheduled care is resulting in higher levels of expenditure.

K Firth 5 GBAF 2

4 Open 09.01.2017 Sarah Lever Failure to deliver the A&E standards for 2016/17 (constitutional requirement).

Increased ambulance arrivals, and shortage of medical staffing at TRFT resulting in low performance against the A&E standard for which the CCG are held to account by NHSE.

S Lever 5 GBAF 1/3

5 Open 02.02.2017 Claire Smith Failure of YAS to achieve RED 18 minute Target 2016/17 at CCG level and Yorkshire & Humber wide.

The target is not being achieved in 2016/17 - this is comparable to other emergency ambulance providers across the country.

C Smith 5 GBAF 1/3

6 Open 06.02.2017 K Leahy Financial risk to the CCG arising from its duties under developing case law regarding potential Deprivation of Liberty for health commissioned care packages in the community (CHC clients)

Ongoing meeting arranged for mid-February between Head of Quality, Safeguarding Adult/ Clinical Quality Lead and Operational Lead for CHC team regarding managing the risk and moving forward

S Cassin 4 GBAF 3

Links to Governing Body Assurance

Framwork /Issues Log

Date identified Issue Author

Priority rating

1 – Negligible 2 – Minor 3 – Moderate4 – Major5 – Extreme

ID Status Issue description Latest Update Issue Owner

Status is used to establish the current phase of the issue. Status can be: New, Emerging, Open, Pending Update, Requesting Closure, and Closed. It is important to keep a record of closed issues until the project is over, they can often be used to establish lessons learned and occasionally provide useful reference points. If Excel is used for the Issue log then it is much easier to filter the Issues on open or closed status.

Issue Author is the individual who has recorded the issue. The Issue Owner is the individual who has taken the responsibility for resolving the issue.

Latest update needs to include the date, the initials of the person updating, the update including progress on any actions and any new actions.

The Priority Rating column is populated by a rating to indicate the priority of the issue. For example:

NHS Rotherham Clinical Commissioning Group - Issues Log

Description of selected headings:

of 2

Links to Governing Body Assurance

Framwork /Issues Log

Date identified Issue Author

Priority rating

ID Status Issue description Latest Update Issue Owner

7 Open 06.02.2017 K Tufnell Failure to deliver the National IAPT waiting times standards

75% of people seen within 6 weeks 95% of people seen within 18 weeks

95% of people seen within 18 weeks - achieved 75% of people seen within 6 weeks - not yet achieved. Remedial action plan under-development

K Tufnell 4 GBAF 1

8 Open 06.02.2017 K Tufnell NHS England unable to locate CAMHS Tier 4 Bed. As a result RDaSH are placing under 18's with Rotherham's Adult beds - Risk Children in adult beds. Adult beds occupied (currently CCG not charging) could result in CCG having to fund out of area bed for Adult. (Emergency Issue)

No such admissions in this period K Tufnell 4 GBAF 1

nhs rotherham clinical commissioning group body papers... · page 1 of 6 nhs rotherham clinical...

Documents